REAL CHALLENGES FOR VIRTUAL BORDERS:

(1)

MIGRATION POLICY INSTITUTE

The Implementation of US-VISIT

Rey Koslowski

Associate Professor of Political Science

Rutgers University–Newark

REAL CHALLENGES FOR

VIRTUAL BORDERS:

(2)

VIRTUAL BORDERS:

The Implementation of US-VISIT

Rey Koslowski

Associate Professor of Political Science

Rutgers University–Newark

(3)

(4)

I. Introduction 1

II. Border control after September 11, 2001 4

III. US-VISIT and how it works 6

A. The development of US-VISIT 6

B. Implementation increments, systems, and processes 10

C. Related programs and systems 14

IV. Challenges 19

A. Multiple missions 19

B. Entry process 26

C. Exit process 36

D. Radio frequency-enabled exit controls 39

E. Incomplete data, data interoperability, and 44 data availability

F. RF technology and Visa Waiver Program 47

country passports

G. A world of digitized biometrics 51

V. Recommendations 53

A. Reconsider policy and/or revise 53

implementation expectations

B. Use technology appropriate to the task 54

C. Hire more inspectors 55

D. Use port modeling and simulation to better phase 57 in system deployment

E. Explore alternative inspection options 59

F. Initiate national debate on fingerprints in US passports 60

G. Ensure database security 61

(5)

I. INTRODUCTION

The United States Visitor and Immigrant Status Indicator Technology (US-VISIT) program is developing an automated entry-exit tracking system that collects biographical and biometric data from foreign nationals at US consulates abroad as well as when they enter the United States. Watch list checks are run on the data collected in order to help inspectors at ports-of-entry keep out potential terrorists and criminals as well as determine whether those who enter the United States leave in accordance with the terms of their visas. The entry-exit tracking system at the core of US-VISIT was initially envisioned to enforce immigration law, but was then recast into a counterterrorism role after September 11, 2001.

US-VISIT is an integral part of the Bush administration’s efforts to cre-ate a “smart border,” which “must integrcre-ate actions abroad to screen goods and people prior to their arrival in sovereign US territory, …allow extensive prescreening of low-risk traffic, thereby allowing limited assets to focus attention on high-risk traffic, [and] use… advanced technology to track the movement of cargo and the entry and exit of individuals.”1_{In a dramatic illustration of the administration’s} agenda, Richard Falkenrath, former deputy assistant to the president and deputy Homeland Security advisor, drew an analogy likening the revolution in military affairs of the 1990s to the “revolution in border security” that is taking place now.2

The US National Homeland Security Strategy advocates “pushing bor-ders out” beyond US territorial boundaries by stationing Customs and Border Protection (CBP) officers in seaports and airports abroad and by requiring electronic submission of passenger and cargo manifests in

1 “Fact Sheet: Border Security,” The White House, January 25, 2002, http://www.white-house.gov/news/releases/2002/01/20020125.html (accessed January 27, 2005). 2 Response to author’s question at “Transatlantic Homeland Security? European

Approaches to ‘Total Defense,’ ‘Societal Security’ and Their Implications for the US,” Center for Transatlantic Relations, Paul H. Nitze School of Advanced International Studies, Johns Hopkins University, February 19, 2004.

(6)

advance of departure to the United States. As expanding e-government and private sector submission of electronic data enables the preclear-ance of passengers and cargo, thereby removing the necessity of inspection at territorial boundaries, borders may increasingly exist de facto in cyberspace, i.e., become “virtual borders.”

The Department of Homeland Security contracted with a team of com-panies in May 2004 to realize its vision for US-VISIT “to deploy end-to-end management of processes and data on foreign nationals to the United States covering their interactions with US officials before they enter, when they enter, while they are in the United States, and when they exit. This comprehensive view of border management will lead to the creation of a ‘virtual border.’ ”3_{Congress mandated the deployment} of an automated entry-exit system at all ports-of-entry by the end of 2005. However, this more comprehensive vision for US-VISIT is expect-ed to be developexpect-ed and deployexpect-ed over the coming five to ten years. This report will evaluate US-VISIT within the broader contexts of national and homeland security as well as immigration law enforce-ment and policymaking. This evaluation is primarily based on the review of government documents as well as discussions with policy-makers and stakeholders in Washington, DC, San Diego/Tijuana, and Detroit-Windsor; participation in not-for-attribution roundtable discus-sions with policymakers; public meetings; and congressional hearings. The intent of the report is constructive criticism, which may be useful in rethinking approaches and formulating midcourse corrections given that the system will not be fully developed and deployed until the end of this decade at the earliest. Since the publicly available information on US-VISIT does not fully specify the shape of the future system and the range of people who will ultimately be subject to it, this report also includes some speculation.

Even when fully deployed, US-VISIT can only be a small part of the counterterrorism toolkit. US-VISIT is becoming an additional obstacle

3 “Request for Proposals for US-VISIT Program Prime Contractor Acquisition,” RFP no. HSSCHQ-04-R-0096, US-VISIT Office, Department of Homeland Security, November 28, 2003.

(7)

to foreign terrorists wishing to enter the country, but it is unlikely itself to catch many terrorists trying to enter the United States.

“Established” terrorists with track records within the intelligence com-munity are unlikely to voluntarily submit their biographical and bio-metric data at US consulates and ports-of-entry. “Potential” future ter-rorists are unlikely to have generated intelligence records that would trigger a watch list hit in the system. Although US-VISIT is unlikely to catch many terrorists, it may deter some terrorists and deflect those who are more determined toward more difficult crossings.

There are many technical, physical, political, and economic challenges to the implementation of US-VISIT, even if only to enforce immigration laws. No matter how “smart” borders become, they cannot become totally virtual. Most notably, significant investments in physical infra-structure at the border will be necessary to enable new technologies to work their magic. More trained inspection personnel will still be required to ensure adequate inspection of travel documents. Information systems also require accurate and complete data to be effective, and there are major gaps in the data being entered into the individual systems that currently make up US-VISIT as well as limita-tions on the interoperability of that data.

It is, therefore, not clear that US-VISIT’s potential benefits justify the necessary investments in border infrastructure, data acquisition, human resources, and other resources to make it work as envisioned or that the president and Congress are willing to expend sufficient “politi-cal capital” to overcome these barriers. If the politi“politi-cal will is lacking to undertake some potentially very expensive and unpopular measures necessary for effective deployment of US-VISIT, it may be better to scale back the requirements—and expectations—of the program rather than develop a problem-ridden, partially deployed system that cannot accomplish the unrealistic goals set out for it.

(8)

II. BORDER CONTROL AFTER

SEPTEMBER 11, 2001

The September 11 attacks exposed the security consequences of increasing migration and travel, as terrorists used visa and identity document fraud to enter the United States. Al Qaeda operated a “passport office” at the Kandahar airport to alter travel documents and train operatives, including Mohamad Atta.4_{At least two, and} perhaps as many as eleven, of the September 11 hijackers used fraudulently altered passports. One of the hijackers entered with a student visa but never showed up for class; three had stayed in the United States after their visas expired; and several purchased fraudu-lent identity documents on the black market that primarily services illegal migrants.5_{Contrary to many of the early discussions in the} media that claimed all of the hijackers entered legally and that bor-der controls were therefore irrelevant to their entry, the 9-11 Commission concluded that “15 of the 19 hijackers were potentially vulnerable to interception by border authorities.”6 _{The 9-11} Commission staff report on terrorist travel also details linkages between human smugglers and Al-Qaeda and other terrorist groups in need of travel facilitation.7

4 The 9/11 Commission Report: Final Report of the National Commission on Terrorist Attacks Upon the United States (New York: W.W. Norton 2004), 169.

5 “Ziad Jarrah attended flight school in June 2000 without properly adjusting his immigra-tion status, thereby violating his immigraimmigra-tion status and rendering him inadmissible under 8 USC. § 1182(a)(7)(B) each of the subsequent six times he reentered the United States between June 2000 and August 5, 2001. (Hani) Hanjour did not attend school after entering on a student visa in December 2000, thereby violating his immigration status and making him deportable under 8 USC. § 1227(a)(1)(B). Mohamed Atta failed to present a proper M-1 (vocational school) visa when he entered the United States in January 2001. He had previously overstayed his tourist visa and therefore was inadmis-sible under 8 USC. § 1182(a)(7)(B). Nawaf al Hazmi and Suqami overstayed the terms of their admission, a violation of immigration laws rendering them both deportable under 8 USC. § 1227(a)(1)(B),” (9/11 Commission 2004a: 138-39).

6 Ibid., 384.

7 9/11 and Terrorist Travel: Staff Report of the National Commission on Terrorist Attacks Upon the United States, (9/11 Commission 2004a).

(9)

The Department of Homeland Security (DHS) was established to increase transportation and border security, minimize the risk of anoth-er tanoth-errorist attack, and prepare to respond to any future attacks that may occur. The DHS’s Bureau of Customs and Border Protection (CBP) has the task of intercepting terrorists, enforcing immigration law, and collecting customs duties at 326 air, sea, and land ports-of-entry and preclearance stations ,8_{and between ports-of-entry along the} 5,525-mile US–Canadian border and the 1,989-5,525-mile US–Mexican border. At the same time, CBP is charged with facilitating lawful trade and travel at those ports-of-entry. Approximately 433 million people were inspected upon entry into the United States in fiscal year (FY) 2004. Of those, 337 million crossed the land border, 77 million entered through airports, 14 million entered seaports, and 628,290 were denied entry.9_{It has been estimated that there are now about ten} mil-lion undocumented migrants in the United States, approximately 30 to 40 percent of whom entered legally but overstayed their visas.

The attacks of September 11, 2001, demonstrated the vulnerability of the US economy to shutdowns of the transportation system. The grounding of commercial air traffic and heightened border security after the September 11 attacks amounted to the United States doing to itself what no enemy had done before: an embargo on trade.10_This self-embargo demonstrated the vulnerability of extended supply chains and transborder, just-in-time manufacturing, most dramatically on the US–Canadian border. Up to ten million vehicles annually cross the Ambassador Bridge between Windsor, Ontario, and Detroit, Michigan, along with approximately 25 percent of US–Canadian merchandise trade. Shortly after the attacks, traffic backed up by as much as fifteen hours. Within days, Daimler-Chrysler announced that it would have to stop several US assembly lines for want of Canadian parts caught in traffic backups at the border. More than any other event, these

8 “There are 312 official ports-of-entry in the United States and fourteen preclearance sta-tions in Canada and the Caribbean, a total of 326 officially manned and unmanned ports,” http://www.cbp.gov/xp/cgov/toolbox/ports/.

9 See Immigration Monthly Statistical Report, September 2004 Year End Report at http://uscis.gov/graphics/shared/aboutus/statistics/msrsep04/INSP.HTM.

10 Stephen E. Flynn, “America the Vulnerable,” Foreign Affairs 81, no. 1 (Jan./Feb. 2002): 60-74.

(10)

backups at the US–Canadian border precipitated the US–Canadian “Smart Borders” Declaration11_{and prompted the Bush administration} to adopt the information technology–enabled, risk management approach to border control that resulted in increased budgets for bor-der control information technologies.

III. US-VISIT AND HOW IT WORKS

A.The development of US-VISIT

Although many policy initiatives and the associated border control information technology that underlies the smart borders approach existed before September 11, 2001, it was the attacks on that day that led Congress to demand their implementation. Section 110 of the US Illegal Immigration Reform and Immigrant Responsibility Act of 1996 had mandated that the Immigration and Naturalization Service (INS) develop an automated entry-exit control system that would “collect a record of every alien departing the United States and match the records of departure with the record of the alien’s arrival in the United States.”12_{This was to be done by the end of 1998. The original} pur-pose of the system was not related to preventing criminal entry or counterterrorism, but to addressing the issue of visa overstays. Congress pushed back the deadline for implementation of the law in October 1998 after lobbying by US business groups, states, and locali-ties bordering Canada and Mexico.13_{These groups pointed out that}

11 For an evaluation of the Smart Border agreements with Canada and Mexico, see Deborah Waller Meyers, “Does ‘Smarter’ Lead to Safer? An Assessment of the Border Accords With Canada and Mexico,” MPI Insight, (Migration Policy Institute), no. 2 (June 2003). 12 Illegal Immigration Reform and Immigrant Responsibility Act of 1996, section 110.a.1,

“Automated Entry-Exit Control System,” US Congressional Record—House (September 28, 1996): H11787.

13 Theodore H. Cohn, “Cross-Border Travel in North America: The Challenge of US Section 110 Legislation,” Canadian American Public Policy, (Occasional Paper Series of the Canadian-American Center, University of Maine at Orono), no. 40 (October 1999): 25-38.

(11)

registering every person who crosses into the United States from Canada or Mexico, even using then-existing smart card technology, would still require enough processing time to back up traffic at the border for hours, especially at the Detroit-Windsor crossing.14 _The Data Management Improvement Act (DMIA) of 2000 amended Section 110, mandating the development of an entry-exit system to be put in place at all air and seaports by the end of 2003, at the fifty most highly trafficked land entry by the end of 2004, and at all ports-of-entry by the end of 2005. In practical terms, however, the DMIA deflected the creation of a full-fledged entry-exit system with a com-plete database since it limited data collection to that which was already being collected by the INS by existing authorities of law and disallowed collection of any new entry-exit data.15

The entry-exit tracking system that existed prior to September 11, 2001, primarily covered passengers arriving by airplane and consisted of a paper I-94 form stamped at the port-of-entry, which was supposed to be collected by the airline upon departure, given to the INS, then sent by the INS to a contractor who manually entered the data into the database of the legacy INS Nonimmigrant Information System (NIIS). Due to lost forms, incomplete or inaccurate data entry, exit by land border, and incomplete deployment of the system, missing exit data corrupted the database, leaving inspectors with no effective way of knowing if individuals had overstayed their visas.16_{This was the case} with several of the September 11 hijackers.

For example, an INS inspector at Miami International Airport stopped Mohamed Atta on January 10, 2001, when Atta said that he was plan-ning to take flight lessons but was entering the country on a tourist visa rather than a vocational education visa. He was detained for addi-tional questioning by another officer, and after almost an hour he was released. Neither officer noticed that he had overstayed his visa by more than a month on his previous trip to the United States. A former 14 Senate Judiciary Committee Report, submitted with The Border Improvement and

Immigration Act of 1998, Senate Report 105-197.

15 See Data Management Improvement Act of 2000, Public Law 106-215. 16 Statement of Michael R. Bromwich before the House Judiciary Committee,

(12)

INS inspector, Patrick Pizarro, explained that the inspectors most like-ly missed Atta’s overstay because they were under pressure to clear tourists as quickly as possible, yet “You don’t have all the information about every arriving passenger in one database,” Pizzaro said. “It’s all scattered in various databases and it’s time-consuming to find the information you need.”17_{After September 11, incoming passengers} received greater scrutiny, but according to an INS inspector from Miami who appeared on CBS’s 60 Minutes against his supervisor’s wishes, the systems were down once or twice a week, and passengers were still being admitted without having been checked against the lookout databases.18

In response to the September 11 attacks and the failures of government information systems that they exposed, Congress passed and President Bush signed into law entry-exit system provisions in the USA PATRI-OT Act19_{and in the Enhanced Border Security and Visa Entry Reform} Act of 2002.20_{Both pieces of legislation reiterated the DMIA mandate} for implementation of an entry-exit system. The USA PATRIOT Act mandated that the entry-exit system should utilize biometric technolo-gy and tamper-resistant, machine-readable documents, and that the system should be able to interface with other law enforcement databas-es. The Enhanced Border Security and Visa Entry Reform Act, passed in the Senate by a margin of 97 to 0 and in the House 411 to 0, specif-ically required the development of a database for arrival and departure data from machine-readable travel documents, the establishment of standards for biometrics for visas and other travel documents, and the installation of equipment at all ports-of-entry to enable collection, comparison, and authentication of biometric data. In order to address the loopholes that allowed some members of Al Qaeda to enter on US visas, Congress mandated that all US visas incorporate a biometric

17 Quoted in Alfonso Chardy, “Atta faced questions about visa at MIA, Flying-lesson plans aroused suspicion,” The Miami Herald, October 19, 2001.

18 “INS Vigilance Under Fire,” 60 Minutes, CBS News, March 10, 2002.

19 Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept

and Obstruct Terrorism (USA PATRIOT) Act of 2001, Public Law 107-56, section 414

(October 26, 2001).

20 Enhanced Border Security and Visa Entry Reform Act of 2002, Public Law 107–173, sec-tion 302 (May 14, 2002).

(13)

identifier by October 26, 2004, and a combination of facial recognition and electronic fingerprint scanning was selected as “the most effective and least intrusive.”21

Most recently, the Intelligence Reform and Terrorism Prevention Act of 2004 called for an acceleration of the full implementation of an auto-mated biometric entry-exit data system; collection of biometric exit data from all those required to provide biometrics upon entry; integra-tion of all databases that contain informaintegra-tion on aliens and interoper-ability with the entry-exit system; policies and procedures to maintain accuracy and integrity of entry-exit data; frontline personnel training; and a registered traveler program that is integrated into the automated, biometric entry-exit system.22

After the September 11 attacks, border management agencies created an Integrated Program Team (IPT), originally known as the Entry-Exit Program Team. This team developed the Visa Waiver Permanent Program Act Support System (VWPASS) and the National Security Entry-Exit Registration System (NSEERS). On April 29, 2003, the newly established Department of Homeland Security announced the consolida-tion and revamping of these programs to form the new US-VISIT pro-gram. The US-VISIT program is housed within the Border and Transportation Security (BTS) Directorate. The program team includes representatives from CBP, Immigration and Customs Enforcement (ICE), and the Transportation Security Agency (TSA). The program spans the DHS, with representatives from US Citizenship and Immigration Services (USCIS), the Directorate for Management, and the Science and Technology Division. The program also reaches outside DHS, with repre-sentatives from the departments of Transportation, State, Commerce, and Justice and from the General Services Administration (GSA).

On July 8, 2003, the US-VISIT program sponsored an Industry Day at which program staff presented their system requirements to 21 “Post 9/11 Visa Reforms and New Technology: Achieving the Necessary Improvements

in a Global Environment,” testimony of Janice L. Jacobs, deputy assistant secretary for consular affairs, before the Senate Foreign Relations Committee, October 23, 2003. 22 The Intelligence Reform and Terrorism Prevention Act of 2004, House Report 108-796,

(14)

prospective contract bidders and asked the firms for their input. As US-VISIT director Jim Williams put it, “I really envision this as a partnership every step of the way, a seat at the table….We want the prime integrator to play a key role with every aspect.”23

In the subsequent request for proposals (RFP), the US-VISIT program set out the mission of US-VISIT to “collect, maintain, and share informa-tion on foreign nainforma-tionals, including biometric identifiers, through a dynamic, interoperable system that determines whether the individual: should be prohibited from entering the US; can receive, extend, change, or adjust immigration status; has overstayed or otherwise violated the terms of their admission; should be apprehended or detained for law enforcement action; needs special protection/attention (i.e., refugees).”24 A prime contractor and its team of companies were to develop the com-prehensive system envisioned to achieve that mission, and at the end of May 2004, a team led by Accenture was selected. The US-VISIT pro-gram’s cumulative budget added up to well over $1 billion through the end of FY2005.25_{In addition, President Bush has proposed $390} mil-lion for US-VISIT in FY2006.26_{Looking towards the future, the DHS} has estimated that the overall cost of the system would be $7.2 billion through FY2014, but the Government Accountability Office (GAO) cal-culated that its ten-year cost could be as much as twice that.27

B. Implementation increments, systems, and processes

In accordance with congressional mandates, US-VISIT is being imple-mented incrementally.28_{Increment 1 of US-VISIT went live January 5,}

23 Quoted in Sara Michael, “US-VISIT Requirements Outlined,” Federal Computer Week, July 8, 2003.

24 “Request for Proposals for US-VISIT Program Prime Contractor Acquisition,” RFP no. HSSCHQ-04-R-0096, US-VISIT Office, Department of Homeland Security, November 28, 2003.

25 “Budget in Brief, Fiscal Year 2005,” Department of Homeland Security. 26 “Budget in Brief, Fiscal Year 2006,” Department of Homeland Security.

27 Randolf C. Hite, testimony for oversight hearing, “US-VISIT—A Down Payment on Homeland Security,” House Committee on the Judiciary, March 18, 2004.

28 See “Request for Proposals for US-VISIT Program Prime Contractor Acquisition,” op. cit., and “Some Progress Made, but Many Challenges Remain on US Visitor and Immigrant Status Indicator Technology Program,” Government Accountability Office, GAO-05-202, February 2005.

(15)

2004, when the DHS began to collect digital photographs and finger-print scan biometrics from those individuals traveling on a nonimmi-grant visa to the United States upon entry at 115 airports and fourteen seaports. Exit capability was initially limited to two pilot projects at Baltimore-Washington International Airport (BWI) and Miami Seaport. In August and November of 2004, pilot projects were extended to twelve additional airports and one seaport. Increment 2A was to deploy equipment and software at all ports-of-entry, to capture biometric data from machine-readable travel documents by October 26, 2004, but this deadline was extended. Increment 2B involved deploying the entry capabilities of Increment 1 at the fifty highest-volume land ports-of-entry by December 31, 2004. Increment 2C involves pilot deployment of a radio frequency (RF) system that captures biographical data at exit as well as entry at one or more land ports-of-entry by June 30, 2005. Increment 3 extends Increment 2B capability to the remaining 115 land ports-of-entry by December 31, 2005. Increment 4 will be an expanded set of releases of the envisioned, integrated solution to be developed by the Accenture-led team.

The preentry process, as it currently exists, begins at US consulates abroad. Nonimmigrant visa applicants provide biographic data on the visa application and submit a digital photograph and fingerprint scans at US embassies and consulates. These data are checked against the Consular Lookout and Support System (CLASS) watch list, which includes data from the Justice Department’s National Crime

Information Center (NCIC) system, a computerized index of criminal justice information (criminal records, fugitives, terrorist lookouts, miss-ing persons, etc.) as well as other Interagency Border Inspection System (IBIS) watch lists. A record is then generated within IBIS. IBIS is a system shared by twenty law enforcement and border control agen-cies that resides on the Treasury Enforcement Communication System (TECS) at the CBP Data Center. After watch list checks are run, the visa application is either approved or denied. When those who have received a visa board a US-bound airplane or ship, the airlines and sea carriers are required to electronically transmit passenger manifests using the Advance Passenger Information System (APIS). Passenger data on these manifests are then checked against watch lists in advance of arrival at US ports-of-entry.

(16)

US-VISIT Component Systems

According to the US-VISIT RFP,29_{the requirements of the first three}

increments are being met by extending, enhancing, and building interfaces between some (and potentially all) of the following legacy systems:30

Arrival Departure Information System/Visa Waiver Permanent Program Act Support System (ADIS/VWPASS)

Advance Passenger Information System (APIS) Biometric Verification System (BVS)

Consolidated Consular Database (CCD) Central Index System (CIS)

Computer-Linked Application Information Management System (CLAIMS) Consular Lookout and Support System (CLASS)

Global Enrollment System (GES)

Integrated Automated Fingerprint Information System (IAFIS) Interagency Border Inspection System (IBIS)

INS Automated Biometric Identification System (IDENT)

Immigration and Naturalization Service Passenger Accelerated Service System (INSPASS)

National Automated Immigration Lookout System (NAILS II) NEXUS

Nonimmigrant Information System (NIIS) Outlying Area Reporting Station (OARS) Portable Automated Lookout System (PALS)

Secure Electronic Network for Travelers Rapid Inspection (SENTRI) Student Exchange and Visitor Information System (SEVIS)

Since the preparation of the RFP, some of these systems may have been decommissioned or merged into other systems. Some of these systems may remain in existence independent of US-VISIT, even though they interface with US-VISIT. Other systems may eventually disappear as stand-alone systems as all of their functions are incorporated into anoth-er component of US-VISIT. From all public indications, howevanoth-er, it appears that for the foreseeable future the US-VISIT system will be made up of these interfaced systems, and the system envisioned in Increment 4 will build on, add to, and extend the capabilities of these systems.There is a debate within the DHS as to whether at some point a completely new system should be built to which all US-VISIT functions would migrate, thus terminating all legacy systems.

(17)

The entry process, as it currently exists at air and seaports, begins when a foreign national arrives at the primary inspection site and presents his or her travel documents to the inspector. The inspector scans the machine-readable documents (or enters data manually if documents are not machine-readable) into IBIS. The Inspector Field Manual requires that in primary inspections, inspectors must run queries of IBIS using the foreign national’s last name, first name, date of birth, and passport number.31_{IBIS and APIS queries generate any existing biographical} lookout hits and existing records based on manifest data. IBIS also indi-cates if there are any existing fingerprints in the IDENT database that were submitted during the visa application process. Once a biographi-cal record is generated from the Consolidated Consular Database (CCD) or from passenger manifest data, the inspector switches to the IDENT screen, takes the person’s photograph, and scans each index finger. These biometrics are checked against the IDENT database. If there are no fingerprints in the database, the person is enrolled in US-VISIT; if there are fingerprints that were submitted during the visa application process, a one-to-one match with data from the initial enrollment abroad verifies the individual’s identity.32_{If there is a watch list hit or a} biometric mismatch, the person goes to secondary inspection for addi-tional screening.33

In the exit process, as it currently exists, air and sea carriers transmit electronic manifest data though APIS, which is then matched to entry records in ADIS for a corresponding entry-exit confirmation. At the thirteen airports and two seaports where the exit process is being piloted, departing visitors “check out” of the country at self-serve US-VISIT exit stations or with attendants at the departure gate in one

29 See “Request for Proposals for US-VISIT Program Prime Contractor Acquisition,” op. cit. 3 30 Other systems may feed data to US-VISIT or may be interfaced in the future but were

not on this list in the RFP.

31 “A Review of the Use of Stolen Passports from Visa Waiver Countries to Enter the United States,” Department of Homeland Security, Office of Inspector General, OIG-05-07 December 2004, 15.

32 As it stands, digital photographs and fingerprints from previous enrollments are not available to the officer conducting the primary inspection.

33 “First Phase of Visitor and Immigration Status Program Operating, but Improvements Needed,” General Accounting Office, GAO-04-586, May 2004.

(18)

of three ways: 1) at self-service exit stations, visitors place their two index fingers on the scanner, have a digital photograph taken, and receive a printed receipt that verifies checkout; attendants are avail-able for assistance; 2) an additional step is added in which a US-VISIT attendant at the departure gate verifies departure by scanning the receipt from the exit station and taking another finger scan with a portable reader to match to the receipt; 3) visitors are checked out at the departure gate by a US-VISIT attendant using a portable biometric reader/exit processing device. In the initial two pilots, biometric data collected from exit stations are burned onto a CD-ROM at the end of each day and mailed by express service to a contracting firm that enters the data into IDENT, which executes a one-to-one match com-paring the exit to the entry record.34

C. Related programs and systems

As the envisioned US-VISIT system develops, it will more fully incor-porate the functions of the National Security Entry-Exit Registration System (NSEERS), Student Exchange Visitor Information System (SEVIS), and registered traveler systems such as INSPASS, NEXUS, and SENTRI. Indeed, the DHS is now proposing to establish the Office of Screening Coordination and Operations (SCO) within the Border and Transportation Security (BTS) Directorate in order to consolidate vari-ous screening efforts and enhance terrorist-related screening “through comprehensive, coordinated procedures that detect, identify, track, and interdict people, cargo, and other entities and objects that pose a threat to homeland security.”35_{This new office would encompass} US-VISIT; NEXUS; SENTRI; Secure Flight and Crew Vetting; Free and Secure Trade (FAST); Transportation Worker Identification Credential (TWIC); Registered Traveler; Hazardous Materials Trucker

Background Checks; and Alien Flight School Checks. The proposed FY2006 budget for the SCO is approximately $847 million, of which $390 million is dedicated to US-VISIT.36

34 Ibid.

35 “Budget in Brief, Fiscal Year 2006,” op. cit, 6. 36 Ibid., 15.

(19)

The NSEERS program was initiated on September 11, 2002, and it has been described by Immigration and Customs Enforcement (ICE) as “the first step taken by the Department of Justice and then DHS in order to comply with the development of the Congressionally-mandated requirement for a comprehensive entry-exit program by 2005.”37 “Special registration,” as the process is also known, created a national registry for nonimmigrant aliens initially from countries that were deemed high risk from a security standpoint. Nationals of Iran, Iraq, Libya, Syria, and Sudan are required to register at ports-of-entry, and based on initial questioning upon arrival, CBP officers could require registration of foreign nationals from all other countries, if deemed necessary.38_{NSEERS collects photographs and fingerprints from these} visiting foreigners as well as detailed information about the back-ground and purpose of their visit to the United States. Those who are entered into NSEERS at entry must also register their departure at one of the specially designated ports and appear before a CBP officer. Until cancellation in December 2003, there had also been an addition-al requirement for a thirty to forty-day follow-up interview for those who were registered at a port-of-entry as well as an annual registration requirement. Known as “domestic registration,” this requirement was imposed on males over sixteen years of age from Afghanistan, Algeria, Bahrain, Bangladesh, Egypt, Eritrea, Indonesia, Iran, Iraq, Jordan, Kuwait, Libya, Lebanon, Morocco, North Korea, Oman, Pakistan, Qatar, Somalia, Saudi Arabia, Sudan, Syria, Tunisia, United Arab Emirates, and Yemen. As of September 30, 2003, nationals of 150 countries have been registered in NSEERS for a total of 290,526 regis-trations: 207,007 registrations (93,741 individuals) at ports-of-entry and 83,519 individuals at the former INS offices.39_{When US-VISIT is} fully deployed, with complete entry and exit capabilities at all ports and with an integrated status management system, it is expected that the separate biometric entry-exit enrollment features of the NSEERS

37 “Changes to National Security Entry/Exit Registration System (NSEERS),” Fact Sheet, Immigration and Customs Enforcement, December 1, 2003, http://www.ice.gov/graph-ics/news/factsheets/nseersFS120103.htm (accessed January 25, 2005).

38 For example, those born in Iran, Iraq, Libya, and Syria who were naturalized elsewhere. 39 “Changes to National Security Entry/Exit Registration System (NSEERS),” op. cit.

(20)

program can be eliminated. However, the more detailed interviews and background checks of special interest persons of the NSEERS program will most likely continue.

SEVIS is a system designed to maintain data on foreign students and exchange visitors and their dependents. The system is administered by Immigration and Customs Enforcement (ICE) and used by CBP to reg-ister entries and exits. Mandated by 1996 legislation, SEVIS had been deployed on a pilot basis before September 11, 2001, after which Congress mandated full-scale deployment so that schools could use the Web-based system by January 30, 2003, and so that all students and exchange visitors could be registered with SEVIS by August 1, 2003. One year later, 8,737 schools were using the system, and the data of more than 770,000 students and exchange visitors, as well as 100,000 dependents, were being managed by the system.40_{Together with the} Computer-Linked Application Information Management System (CLAIMS 3), SEVIS is central to the existing US-VISIT status manage-ment capability. As the system envisioned for Incremanage-ment 4 of US-VISIT develops an increasingly robust status management capability, it may or may not be necessary for SEVIS to continue as an additional, stand-alone system, depending on how other SEVIS functions such as the registration of schools authorized to enroll foreign students, work authorization, and reinstatement of status are handled.

The Passenger Accelerated Service System (INSPASS) is a legacy INS program started in the mid-1990s that uses a database linked to a hand geometry recognition system. US citizens and noncitizens (nationals of Canada, Bermuda, and Visa Waiver Countries) who are frequent fliers, are traveling on certain visas, and are willing to give personal and passport data for a background check, as well as a digi-tized biometric reading of their hand for entry into the database, could be expedited through passport controls. According to a fact sheet post-ed on the “Frequent Traveler Programs” page of the CBP Web site,41 INSPASS is at six international airports: Los Angeles, CA (LAX);

40 “SEVIS—Year Two,” Department of Homeland Security, Fact Sheet, August 27, 2004. 41 See “INS Passenger Accelerated Service System (INSPASS)” (last modified 06/21/2004),

(21)

Newark, NJ (EWR); John F. Kennedy, NY (JFK); Washington Dulles, VA (IAD); and the US preclearance sites at Vancouver and Toronto in Canada. INSPASS lanes are suspended, however, when the terrorist threat level goes to orange. However, based on personal observation at several of these airports, INSPASS no longer appears to be operative. INSPASS may in some respects be a model for the Transportation Security Agency (TSA)’s Registered Traveler pilot program, which is available to US nationals and legal permanent residents for expedited treatment at some TSA airport security screening locations.

NEXUS and SENTRI are preapproved passenger vehicle programs in which registered travelers enroll by submitting information for criminal and terrorist background checks. NEXUS is jointly administered by the United States and Canada; the SENTRI program operates at ports-of-entry along the US border with Mexico. After a NEXUS enrollee clears the background check, he or she receives a radio frequency (RF)-enabled proximity card. The RF-enabled chip on this card is read at the port-of-entry and automatically pulls up background information and a photo for an inspector. The inspector can then quickly verify the NEXUS cardholder’s identity and wave him or her through. The SEN-TRI process is similar except that it is vehicle-based and a radio fre-quency identification (RFID) transponder is attached to the enrollee’s car. There are plans to transform SENTRI into a person-based system with individual proximity cards. Although interfaces had not been built to connect NEXUS and SENTRI to US-VISIT,42_{the Intelligence} Reform and Terrorism Prevention Act of 2004 requires that such regis-tered traveler programs be integrated into the biometric entry and exit data system.

Initially, the requirement for biometric enrollment in US-VISIT upon entry into the United States did not apply to nationals of the twenty-seven states in the US Visa Waiver Program (VWP) who are permitted to enter and stay in the United States without a visa for up to ninety days. The original idea was that these countries would include bio-graphic and digitized biometric data in machine-readable passports in order for border control authorities to securely establish their

(22)

nationals’ identities and facilitate biographic and biometric watch list checks. The Enhanced Border Security and Visa Entry Reform Act conditioned countries’ participation on the issuance of machine-read-able, tamper-resistant passports containing biometric data and set a deadline of October 26, 2004. After many countries informed the State Department and the DHS that they could not meet this deadline, for-mer secretaries Tom Ridge and Colin Powell asked Congress for a postponement to December 2006,43_{and Congress granted a one-year} extension to October 26, 2005.44_{In conjunction with the deadline} extension request, the DHS announced that nationals of the twenty-seven Visa Waiver countries would be required to enroll in US-VISIT and submit to a digital photograph and finger scanning upon entry beginning September 30, 2004.

The US Congress deferred to the International Civil Aviation Organization (ICAO) on setting the biometric standards for passports issued by Visa Waiver countries, and it was not until May 28, 2003, that ICAO announced an agreement—a digital photo for facial recogni-tion plus oprecogni-tional biometrics of fingers and/or eyes, which are stored on contactless integrated circuit (IC) chips.45_{The contactless IC chip} is part of a radio frequency (RF) system in which data on the IC chip is transmitted via radio waves to a reader. The reader provides the power; the contactless IC chips are passive and do not require batter-ies. In contrast with machine-readable travel documents that contain data on magnetic strips, a passport with a contactless chip can be scanned by the reader at a distance, therefore allowing faster transfer of data from the passport.

As originally envisioned, holders of new biometric passports issued by Visa Waiver countries will give their passports to CBP inspectors who 43 Colin Powell and Tom Ridge, letter to Jim Sensenbrenner Jr., chairman, Committee on the Judiciary, House of Representatives, March 17, 2004, http://www.house.gov/judici-ary/ridge031704.pdf (accessed March 29, 2004).

44 See “An Act: To modify certain deadlines pertaining to machine-readable, tamper-resist-ant entry and exit documents,” H.R. 4417.

45 “Biometric Identification to Provide Enhanced Security and Speedier Border Clearance for the Travelling Public,” International Civil Aviation Organization, PIO/2003 (28 May 2003), http://www.icao.int/icao/en/nr/2003/pio200309.htm (accessed November 20, 2003).

(23)

will simply bring the passport close to the reader. The reader will cap-ture the personal data and the digitized biometrics. This information can then be checked against terrorist and law enforcement watch lists. If there are no hits, the inspector can then allow the traveler to contin-ue on through passport control and enter the United States. Similarly, upon exiting within the ninety-day limit of the Visa Waiver Program, the traveler will “check out” of the country with a wave of the passport over a reader, possibly even using a self-service kiosk. With the US-VISIT enrollment requirement now in place for nationals of Visa Waiver Program countries, it is not clear that biometric passports will ever be able to serve in this way, because it is unclear that the US-VISIT enrollment requirement will ever be rescinded in the future.

IV. CHALLENGES

A. Multiple missions

The entry-exit system at the heart of US-VISIT was originally designed to determine whether visiting foreigners overstayed their visas, but was recast after the September 11 attacks as a system to combat terrorism. According to DHS, US-VISIT now has both immigration law enforce-ment and antiterrorism missions. There are serious limitations, howev-er, as to what US-VISIT can accomplish with respect to each of these missions, and the requirements for each may conflict. US-VISIT will provide much better visa overstay data, but this data might not be that useful for the apprehension and prosecution of visa overstayers. On the counterterrorism front, it is likely that US-VISIT will only be able to deter or divert terrorists, not catch them. These inherent limitations call into question the ambitiousness of the goals set out for the system and raise the issues of goal prioritization, implementation reconsidera-tions, and deadline expectations.

With respect to the immigration law enforcement mission, an automated entry-exit system may be the only effective way to identify individual

(24)

visa overstayers, gather aggregate data to confirm the estimates of some 2.3 million visa overstayers who filled out I-94 forms, determine the additional Mexican and Canadian overstayers, and calculate more accu-rate overstay accu-rates of nationals of states applying for the Visa Waiver Program so as to make better assessments of program eligibility.46 The utility of an entry-exit system in apprehending and prosecuting individual visa overstayers, however, is not so clear cut. The database would have to be accurate enough to ensure that the lack of an exit record truly meant that the person in question actually had not left the country. If there were to be repeated errors in the exit data that could be corroborated by other evidence (e.g., the name of the person on an outbound airline manifest, an entry stamp in the individual’s passport from another country before the individual’s US visa expired, combined with boarding passes, home videos documenting the individual’s home-coming, etc.), then the entry-exit system could be considered unreli-able as a whole and the data it generated not useful for the prosecution of individual cases. If one individual could register an exit of another without being detected by the entry-exit system, it could be suscepti-ble to fraud. Once identified, it is unlikely that a visa overstayer would remain at the address originally given upon arrival, and even if he or she did, there are a limited number of ICE officers available to find, apprehend, and deport millions of visa overstayers.47

Although it is clear that an automated entry-exit system cannot also automatically enforce visa time limitations, such a system constrains the options open to visa overstayers that may, in turn, modify their behavior. Most importantly, individuals may be able to overstay their visas once (meaning avoiding discovery and remaining in the United States), but it would be very difficult for them to leave the United States, apply for another visa, and overstay again. For example, a Polish roofer with US relatives may apply for a thirty-day tourist visa with the purpose of visiting family at Easter, then stay and work through the building season and return home at the end of fall. Having

46 “Overstay Tracking: A Key Component of Homeland Security and a Layered Defense,” General Accounting Office, GAO-04-82, May 2004.

(25)

earned a significant amount of money in the United States, he may deposit a relatively substantial amount in the savings account of a Polish bank and purchase some property in Poland. The savings and property demonstrate financial solvency and provide a reason for his return to Poland, thereby setting the stage for another successful tourist visa application two years later, again to visit family and again to work though the building season.

Without a credible entry-exit system, it has been possible for visa overstayers to not only stay in the United States, but also to travel back and forth. If nothing else, US-VISIT could reduce the total number of visa overstayers in the United States simply by stopping those who have overstayed from returning again. It would also deter those who fear they may lose the possibility of visiting US relatives from overstay-ing in the first place (whether or not they work illegally duroverstay-ing the duration of their visa is another matter).

Alternatively, if deployment of US-VISIT is not paired with increased enforcement of laws prohibiting employment of illegal migrant workers, visa overstayers who are gainfully employed in the US underground economy may simply opt to remain in the United States and not return home so as to not risk being denied entry. Those who obtain a visa in order to enter the United States and work illegally may opt to stay as well. It may have the same effect that increased enforcement at the US-Mexican border has had—turning temporary illegal migrant work-ers into permanent illegal migrant workwork-ers who opt to have their fami-lies smuggled into the United States once rather than paying multiple smuggler’s fees and repeatedly risking assault, theft, injury, or appre-hension on trips back and forth themselves.

Moreover, with the addition of its biometric capabilities, US-VISIT dif-fers fundamentally from the previous, incomplete automated entry-exit system, which was more susceptible to fraud. With the addition of bio-metrics, the system has been useful in stopping those with records of criminal or immigration violations from entering the United States, some of whom had previously entered the United States repeatedly using aliases and fraudulent documents but whose fingerprints collect-ed upon entry produccollect-ed watch list hits in IDENT. By the end of 2004,

(26)

US-VISIT was used to arrest or stop 372 criminals and immigration law violators.48_{Moreover, since US-VISIT’s biometric capabilities} make it more difficult to commit visa fraud, it will most likely deter foreign nationals from attempting it.

With respect to counterterrorism, the DHS has yet to announce the apprehension of a single suspected terrorist with data gathered by US-VISIT. Of course, one can never know how many potential terrorists were deterred. Even if US-VISIT has collected data used to identify a terrorism suspect, law enforcement and intelligence agencies may opt not to make it public, so as not to compromise ongoing investigations. Moreover, the system is not fully developed and deployed. It may be premature to judge the system a failure in achieving the goal of serving as a “vital counterterrorism tool”49_{after only one year’s experience with} the first increment of the system in place. Nevertheless, even when the system is fully deployed, it is not clear how large a contribution US-VISIT will be able to make to the overall counterterrorism mission. US-VISIT counterterrorism watch list checks are only as potent as the quality of the intelligence data upon which they rely, the quality of the data US-VISIT collects, and the matching of the two. For example, the DHS inspector general recently concluded that those attempting to enter the United States with stolen passports are usually admitted, that reports of stolen passports on lookout systems made little difference, and that several blocks of stolen passports have been linked to Al Qaeda.50_{After the September 11 attacks, Congress mandated that the} Federal Bureau of Investigation’s (FBI) Integrated Automated

Fingerprint Identification System (IAFIS), which is a ten-fingerprint system, be made interoperable with IDENT. According to a recent Department of Justice Inspector General report,51_{however, “DHS}

cur-48 “DHS Entry-Exit System Meets 2004 Goals Ahead of Schedule,” Department of Homeland Security, press release, January 2005.

49 The Intelligence Reform and Terrorism Prevention Act of 2004, House Report 108-796, Section 7208 (h).

50 “A Review of the Use of Stolen Passports from Visa Waiver Countries to Enter the United States,” op. cit.

51 “Follow-up Review of the Status of IDENT/IAFIS Integration,” US Department of Justice, Office of the Inspector General, Report Number I-2005-001, December 2004.

(27)

rently plans to use IAFIS to check the fingerprints of less than one percent of the visitors subject to US-VISIT at the ports-of-entry…. Instead, the DHS continues to rely upon the interim measure of check-ing most visitors’ fcheck-ingerprints against the small portion of IAFIS data extracted into IDENT.” The report went on to say that efforts to make the ten-print IAFIS system interoperable with the two-print IDENT system have stalled.

A recent study also found that the two-print IDENT system used in US-VISIT is also susceptible to “US-bound terrorists that have either poor image quality (e.g., worn out fingers) or deliberately reduced image quality (e.g., surgery, chemicals, sandpaper)” because scans from worn fingers reduce the likelihood that US-VISIT would flag a terrorist whose fingerprints are stored on the biometric watch list from 96 percent to 53 percent.52_{A ten-print finger scan system would bring} detection rates of worn fingers up to 95 percent, but using IDENT fin-ger scanners to collect ten prints, one at a time (if even possible), could significantly increase the duration of the US-VISIT enrollment process and slow down overall crossing times at ports-of-entry. Replacing the IDENT system and increasing the overall data storage and data handling capacity of US-VISIT may prove to be prohibitively costly for the near future.

In addition to possibilities for system deception, terrorists may simply circumvent US-VISIT by crossing borders between points of entry. One stakeholder in the Detroit-Windsor area noted that while CBP is col-lecting fingerprints from legitimate travelers crossing the Ambassador Bridge, a terrorist could easily take a boat across the Detroit River into the United States undetected just a few miles up- or downstream, mix-ing in with Michigan’s thousands of recreational boaters. In FY2004, the US Border Patrol apprehended 1.1 million people attempting to cross into the United States between ports-of-entry.53_{For every one}

52 Lawrence M. Wein, testimony at the hearing on “Disrupting Terrorist Travel: Safeguarding America’s Borders through Information Sharing,” US House of Representatives Select Committee on Homeland Security, September 30, 2004. 53 See Immigration Monthly Statistical Report, September 2004 Year End Report,

Southwest Border Apprehensions, http://uscis.gov/graphics/shared/aboutus/statistics/ msrsep04/SWBORD.HTM.

(28)

arrested, it is estimated that several successfully enter. Terrorists could be smuggled into the United States between ports-of-entry, just as hun-dreds of thousands of illegal migrants are every year. In recent con-gressional testimony, Deputy Secretary of Homeland Security James Loy noted that new information suggests that “several Al Qaeda lead-ers believe operatives can pay their way into the country through Mexico (Loy 2005).”54

As long as a potential terrorist can steal or purchase a stolen passport and enter the United States “with little reason to fear being caught,”55 it makes little sense for a terrorist organization to attempt to smuggle its operatives by having them take the dangerous trek through moun-tains and deserts along the US-Mexican border that most of those smuggled endure due to increased border controls in the more easily traversed urban areas. If a terrorist’s travel documents are determined to be stolen or fraudulent upon entry at a US airport, there is a good chance that he will simply be sent back to where he came from on the next available flight, provided that he has not already been identified by the intelligence community as a terrorist suspect and is therefore subject to a warrant for his arrest (with a hold order effectively trans-mitted to CBP inspectors). If a terrorist were to pose as an illegal migrant laborer who made his way to Mexico and wanted to be smug-gled across the border, he would run the risks faced by all smugsmug-gled migrants: being robbed, abandoned in the dessert, and possibly dying there, in addition to the risk of being apprehended and deported. Moreover, the Border Patrol is now using the ten-print IAFIS system in addition to the two-print IDENT system to check those caught crossing the border. Therefore, it would be more likely to uncover terrorists in the law enforcement databases than the current two-print US-VISIT system. The risk calculation for a would-be terrorist is this: “Is it more likely that I will encounter law enforcement entering ‘lawfully’ at a port-of-entry, or evading law enforcement between ports and then

con-54 James Loy, “Statement of Deputy Secretary Admiral James Loy on The World Wide Threat,” US Senate Select Committee on Intelligence, February 16, 2005. 55 “A Review of the Use of Stolen Passports from Visa Waiver Countries to Enter the

(29)

tinually evading law enforcement once inside the country?” So far, it seems that terrorists favor the former, but as inspection scrutiny increases at the ports-of-entry, this could change.

Frontline border control officers often compare their task to squeezing a balloon: If you squeeze one end, it expands at the other. Clamping down at one part of the border diverts smugglers and illegal migrants to attempt to cross elsewhere. If one stiffens controls at some ports-of-entry or elimi-nates one form of visa and document fraud, smugglers will try others and put new pressures on other systems. US-VISIT will increase the risks for terrorists attempting to enter the United States undetected through ports-of-entry. Should they not be deterred and persist in their attempts, US-VISIT may divert them into means of entry that pose higher risks of appre-hension and/or other harm that disables them and disrupts their plot. Essentially, US-VISIT is an additional obstacle to foreign terrorists wishing to enter the United States. However, even when fully deployed, it is unlikely itself to catch many terrorists trying to enter the United States. It is unlikely that “established terrorists” who suspect that they may have been under surveillance will willingly provide the biographi-cal and biometric data that may lead to their apprehension. It is unlikely that the data given by “potential terrorists” who have no crim-inal record and minimal contacts with terrorist organizations will gen-erate a hit on the watch lists that are checked by US-VISIT.

Undeterred, “established terrorists” are more likely to try to circum-vent US-VISIT, either by travel document fraud using stolen or fraudu-lent US or Canadian documents or a fraudufraudu-lent Mexican border cross-ing card, or by crosscross-ing between ports-of-entry.

There is little that US-VISIT can do to stop the initial entry of an individ-ual who has no record of terrorist-related activities or possible terrorism-related travel (e.g., to Afghanistan in the late 1990s). Once the budding terrorist enters, however, subsequent international travel for meetings (e.g., to counties with active terrorist organizations such as Malaysia) and changes in status (e.g., application for an M visa for enrollment in flight school) may be recorded by the system and raise red flags that trigger investigation. A future terrorist who is smart and well trained may avoid such actions that would raise red flags. Much depends on the intelligence,

(30)

experience, and training of the terrorists. As some of the mistakes and risky behavior of some of the 9/11 hijackers indicate, terrorists, much like other criminals, are not always that smart. US-VISIT may succeed in catching a few of the less competent, but there are still simply too many ways to circumvent or deceive the system for it to be much more than a small part of border control authorities’ response to international terrorism.

B. Entry process

When US-VISIT went live on January 5, 2004, there were widespread fears that it would slow down incoming visitors at airports and play havoc on connecting flights. The system has performed better than expected. US-VISIT added an average of only fifteen seconds to the entry process and did not significantly impair travel flows at the air-ports and seaair-ports where it was deployed. By the end of 2004, US-VISIT had processed 16.9 million foreign visitors.56

The US-VISIT program completed its Increment 2B rollout at the fifty busiest land border crossings on December 29, 2004, (two days ahead of schedule) and without any appreciable disruptions of traffic flows. It is important to keep in mind, however, that at land borders, enrollment in US-VISIT can be performed in secondary inspection because it is only mandatory for those individuals who require an I-94, and this constitutes only a very small percentage of those crossing land borders. Enrollment in US-VISIT is only required of those traveling on a regu-lar visa or entering under the Visa Waiver Program. Enrollment in US-VISIT is not required of US citizens, permanent resident aliens, visa-exempt Canadian nationals, or the seven million plus Mexicans with border crossing cards, who together constitute the four largest cate-gories of entries (see Table 1). After the US-VISIT program had been established, it was announced that, for the time being, visa-exempt Canadian nationals57_{would be exempt from mandatory enrollment in}

56 “DHS Entry-Exit System Meets 2004 Goals Ahead of Schedule,” Department of Homeland Security, press release, January 2005.

57 Canadian nationals entering the United States for short stays are exempt from most visa requirements and also from US-VISIT; however, those who are entering the United States on a visa are required to be enrolled in US-VISIT.

(31)

US-VISIT.58_{In response to Mexican objections of unequal treatment in} comparison with the United States’ other NAFTA partner, the Bush administration decided to exempt Mexican nationals with border cross-ing cards (so-called “laser visas”) that entitle holders to enter the United States and remain in the border region up to twenty-five miles into US territory for up to seventy-two hours.59_{The Border Trade} Alliance, a business group representing more than 1,000 industry, gov-ernment, and education officials, said the plan did not go far enough and advocated that border crossing cards be valid for stays of six months and good for travel throughout the southwest.60_{Stays were} extended as of August 12, 2004, but only to thirty days.

In FY2002, regular visa and visa waiver entries constituted only 6.3 million of the 358.3 million total land border entries, or approximately 1.7 percent. If current entry rates follow recent historical patterns, only 1.5 to 2 percent of those people entering the United States over land

Table 1 FY2002 Entries into the United States (in millions) 61 Air Sea Land Totals

US Citizens 33.0 7.4 120.7 161.1 Legal Permanent Residents 4.4 0.2 75.0 79.6 Visa Waiver 13.0 0.3 1.8 15.1 Visa Exempt (Canadians) 52.2 52.2 Regular Visa 19.3 4.5 4.5 28.3 Mexican Border Crossing Card 104.1 104.1 Totals 67.9 12.4 358.3 440.4

58 “Governor Ridge and Deputy Prime Minster Manley Issue One-Year Status Report on the Smart Border Action Plan,” press release, Canadian Embassy, Washington, D.C., October 3, 2003.

59 “US-VISIT Fact Sheet: US Land Borders,”

http://www.dhs.gov/dhspublic/interapp/press_release/press_release_0371.xml (accessed March 28, 2004).

60 Joe Cantlupe, “Border Group Wants Visa Rules Amended; Proposal Would Aid Mexican Visitors,” San Diego Union Tribune, April 1, 2004.

61 “Request for Proposals for US-VISIT Program Prime Contractor Acquisition,” op. cit., 12.

(32)

borders are being enrolled in US-VISIT. Although the challenges of implementing the US-VISIT exit process at land borders are well known, when asked about the exit process, a senior DHS official said, “Exit? I’m not so sure about entry.” Upon closer examination, the rea-sons for this official’s skepticism become clear.

The challenge of implementing the entry process of US-VISIT at land borders is evident at the country’s busiest border crossing, where there would be a significant impact if the percentage of entries requiring US-VISIT were increased beyond single digits. According to a DHS offi-cial, on an average day at the San Ysidro, California port-of-entry, 53,000 vehicles with drivers and 80,000 passengers enter through twenty-four inbound lanes, together with 20,000 to 30,000 pedestrians, for a total of about 150,000 entries. This official flatly stated that if enrollment in US-VISIT took place in primary inspection and added only ten seconds to each individual crossing, it would “kill operations” and lead to unsustainable backups. Similarly, a stakeholder from the Detroit-Windsor area said that the addition of ten to fifteen seconds to the processing of every driver and passenger entering the United States over the Ambassador Bridge would “shut down the bridge.”

There were no shutdowns at the end of 2004 when US-VISIT was deployed at San Ysidro and the Ambassador Bridge because enroll-ment of US-VISIT was accomplished in secondary inspection and required of only a very small percentage of those who entered, and most of these people were already going to secondary for I-94 form processing. There could, however, be very similar negative effects at land borders due to more stringent travel document inspection made necessary by the need to verify the identity of those exempt from US-VISIT (i.e., US citizens, legal permanent residents, visa-exempt Canadians, and Mexicans with border crossing cards). This could hap-pen even without instituting US-VISIT enrollment in primary inspec-tion and maintaining enrollment in secondary inspecinspec-tion at the current enrollment rates.

Upon entry at land borders, US citizens may make an oral declaration of their citizenship, and the inspector, using his or her judgment, may allow the person to enter if satisfied with the totality of information

(33)

available or ask to see proof of citizenship (usually a passport). For example, while conducting field research, I crossed both the southern and northern borders. When entering from Mexico through the pedes-trian lane at San Ysidro, I pulled out my passport, but the inspector did not look at it; when entering Detroit from Canada as an automobile passenger, the driver told the inspector that we were US citizens, but I was not asked any questions and did not speak, nor were either of us asked for proof of citizenship. In tens of thousands of cases, individu-als make findividu-alse claims to US citizenship. These claims are uncovered when individuals are challenged and cannot produce a valid US pass-port or other documentary evidence of US citizenship (see Table 2).

Several interviewees from border communities relayed similar experi-ences to my own as well as recounted the cursory inspection of non-citizens’ documents. Technically, CBP officers must visually inspect the travel documents of non-US citizens, but this does not always hap-pen. For example, a US citizen recalled driving into Mexico for one day with two visiting Turkish nationals. When they returned to the United States, the inspector allowed them to enter without asking the driver or his Turkish passengers for their passports.

Those who smuggle migrants though ports-of-entry conduct their own surveillance and know the realities of the inspection processes extremely well. If certain visa fraud schemes and the use of fraudulent foreign passports are foiled by the biometric screening of US-VISIT,

Table 2 Apprehensions of Persons with False Claims to Citizenship62

FY1999 FY2000 FY2001 FY2002 FY2003 FY2004

False Claims to 27,781 31,964 30,129 15,293 12,878 12,404 US Citizenship

False Claims to 1,108 787 908 836 269 295 other Citizenship

(34)

travel documents that enable individuals to pose as US, Canadian, and Mexican citizens exempt from US-VISIT become much more useful and valuable to smugglers and terrorists. US passports, Canadian pass-ports, and border crossing cards are susceptible to being counterfeited, or genuine documents may be fraudulently altered and used to try to enter the United States, as Table 3 demonstrates.

There are 320,000 records of lost or stolen US passports reported since 2002.67_{Anyone can declare his or her US citizenship to avoid} US-VISIT. English speakers who have been coached could declare their US citizenship while crossing as a passenger of a vehicle, show the outside cover of an altered US passport if necessary, and, if demanded

Table 3 Fraudulent Documents Intercepted at All Ports-of-entry63

FY1999 FY2000 FY2001 FY2002 FY2003 FY2004

Alien Registration 33,295 34,120 26,259 14,373 14,523 16,446 Cards Re-entry Permits64 _1,107 ₁₅₃ ₇₀₂ _1,003 _1,193 _1,792 Border Crossing 30,797 38,650 30,419 16,265 1,5604 18,587 Cards Nonimmigrant 17,965 17,417 21,127 21,275 19,137 17,934 Visas Immigrant Visas 663 447 597 544 3,309 2,874 Foreign Passports65_14,695 _15,047 _15,994 _10,467 _6,251 _9,041 US Passports66 _21,196 _17,703 _18,925 _10,892 _9,956 _12,599 Total Fraudulent 119,718 123,537 114,023 74,819 69,973 79,273 Docs

63 Source: INS Form G-22.1. 64 and refugee travel documents. 65 and citizenship documents. 66 and citizenship documents.

67 “A Review of the Use of Stolen Passports from Visa Waiver Countries to Enter the United States,” op. cit., 7.

(35)

by the inspector, render the altered passport for inspection. Passports with film photographs laminated onto the inside cover are easier to alter with substitute photos than current passports with digital photo-graphs and are therefore much more valuable to smugglers. These older passports were issued until April 2002 and are valid for ten years. Tens of thousands of people attempt to enter the United States with fraudulent US passports each year.

As of September 30, 2004, Canada is the only country whose nationals may enter the United States without submitting any biometrics.68_There are more than 25,000 Canadian passports reported lost or stolen each year. Although the Canadian Passport Office began deactivating lost and stolen passports beginning in April 2003, the Passport Office did not share its list of deactivated passports with Citizenship and Immigration Canada due to privacy considerations, so inspectors at Canadian ports-of-entry could not identify deactivated passports.69_As of February 2004, data on lost and stolen passports has been manually entered into Royal Canadian Mounted Police (RCMP) databases,70_but the March 2004 Report of the Auditor General of Canada to the House of Commons notes high error rates and data entry lags.71_{If data on lost} and stolen Canadian passports are not also shared with US authorities, Canadian passports stolen in Canada or abroad could be altered and used by individuals to enter the United States without submitting bio-metrics and without being subject to criminal and terrorist biometric watch lists.

Part of the reasoning for exempting those entering the United States with Mexican border crossing cards is that the border crossing cards contain fingerprint biometrics and a photograph, and the biometric data can be read by swiping the card through a reader. Unfortunately, many US

68 Unless they are legal permanent residents in the United States.

69 “National Security in Canada—The 2001 Anti-Terrorism Initiative,” Chapter 3 of the March 2004 Report of the Auditor General of Canada to the House of Commons, http://www.oag-bvg.gc.ca/domino/reports.nsf/html/04menu_e.html (accessed March 30, 2004).

70 “Passport Office Responds to Auditor General’s Report,” press release, #49, Passport Office, Department of Foreign Affairs and International Trade, Canada, March 30, 2004. 71 “National Security in Canada—The 2001 Anti-Terrorism Initiative,” op. cit., 31.